CVE-2026-0870

CVE-2026-0870 pertains to MacroHub by GIGABYTE, describing a Local Privilege Escalation. The vulnerability arises because MacroHub launches external applications with improper privileges, enabling an authenticated local attacker to execute arbitrary code with SYSTEM privileges. Affected component...

CVE-2025-15464

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVE-2025-15464

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

CVE-2025-15464 KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls...

EUVD-2025-34199

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox 144 and Thunderbird 144...

CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

EUVD-2025-7442

Malicious code in bioql PyPI...

How Google, Adidas, and more were breached in a Salesforce scam

At the heart of multiple data breaches against sophisticated and robust companies, including Google, Adidas, Louis Vuitton, and Chanel, was a rudimentary attack method that required little technical finesse—making a phone call. By disguising themselves as IT support personnel on the phone, hacker...

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

UBUNTU-CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...

UBUNTU-CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 136...

CVE-2025-1940 Android Intent confirmation prompt tapjacking using Select options

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136...

PT-2025-9665

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Description A select option could partially obscure the confirmation prompt shown before launching external apps, potentially tricking a user into launching an external app unexpectedly. This issue only affects...

PT-2024-10061

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 133 Thunderbird versions prior to 133 Description The issue is related to incorrect restriction of visualized user interface layers in Mozilla Firefox and Thunderbird on Android operating systems. This could allow a...

Design/Logic Flaw

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

UBUNTU-CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...